From acbb571c8331155d107ed027529844ee9f18a8b2 Mon Sep 17 00:00:00 2001
From: "pixeebot[bot]" <104101892+pixeebot[bot]@users.noreply.github.com>
Date: Mon, 16 Dec 2024 03:58:51 +0000
Subject: [PATCH] Introduced protections against predictable RNG abuse
---
 .../gradle/internal/util/ports/ReservedPortRange.java | 3 ++-
 .../src/main/java/org/elasticsearch/tdigest/AVLTreeDigest.java | 3 ++-
 libs/tdigest/src/main/java/org/elasticsearch/tdigest/Sort.java | 3 ++-
 .../scalar/datetime/DateFormatRandomDatasetGenerator.java | 3 ++-
 .../expression/function/scalar/datetime/ToCharTestScript.java | 3 ++-
 5 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/build-tools-internal/src/main/java/org/elasticsearch/gradle/internal/util/ports/ReservedPortRange.java b/build-tools-internal/src/main/java/org/elasticsearch/gradle/internal/util/ports/ReservedPortRange.java
index 811fc10a00ae8..92eb3da1bf915 100644
--- a/build-tools-internal/src/main/java/org/elasticsearch/gradle/internal/util/ports/ReservedPortRange.java
+++ b/build-tools-internal/src/main/java/org/elasticsearch/gradle/internal/util/ports/ReservedPortRange.java
@@ -8,6 +8,7 @@
 package org.elasticsearch.gradle.internal.util.ports;
+import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
@@ -28,7 +29,7 @@ public class ReservedPortRange {
 public ReservedPortRange(int startPort, int endPort) {
 this.startPort = startPort;
 this.endPort = endPort;
- current = startPort + new Random().nextInt(endPort - startPort);
+ current = startPort + new SecureRandom().nextInt(endPort - startPort);
 }
 public List getAllocated() {
diff --git a/libs/tdigest/src/main/java/org/elasticsearch/tdigest/AVLTreeDigest.java b/libs/tdigest/src/main/java/org/elasticsearch/tdigest/AVLTreeDigest.java
index deb3407565f36..7f9450625a653 100644
--- a/libs/tdigest/src/main/java/org/elasticsearch/tdigest/AVLTreeDigest.java
+++ b/libs/tdigest/src/main/java/org/elasticsearch/tdigest/AVLTreeDigest.java
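Review bot: In the `ReservedPortRange` constructor hunk, `new SecureRandom()` only chooses the offset inside the range at which port allocation starts, so no secret, token or key depends on it and the "predictable RNG" risk named in the subject does not obviously apply to this line. The changed expression also still calls `nextInt(endPort - startPort)`, which throws `IllegalArgumentException` when `endPort <= startPort`; an explicit guard such as `if (endPort <= startPort) throw new IllegalArgumentException("endPort must be greater than startPort");` would state that precondition. The first hunk adds `import java.security.SecureRandom;`, and if this was the only use of `java.util.Random` in the file (its import is outside the hunk) that import is now unused. If the substitution is kept to satisfy a scanner, a comment like `// not security-sensitive: only picks the first port to try` would stop later readers assuming otherwise.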
@@ -21,6 +21,7 @@
 package org.elasticsearch.tdigest;
+import java.security.SecureRandom;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Iterator;
@@ -29,7 +30,7 @@
 import static org.elasticsearch.tdigest.IntAVLTree.NIL;
 public class AVLTreeDigest extends AbstractTDigest {
- final Random gen = new Random();
+ final Random gen = new SecureRandom();
 private final double compression;
 private AVLGroupTree summary;
diff --git a/libs/tdigest/src/main/java/org/elasticsearch/tdigest/Sort.java b/libs/tdigest/src/main/java/org/elasticsearch/tdigest/Sort.java
index c62ae54f93c2c..d073da18facb7 100644
--- a/libs/tdigest/src/main/java/org/elasticsearch/tdigest/Sort.java
+++ b/libs/tdigest/src/main/java/org/elasticsearch/tdigest/Sort.java
@@ -21,6 +21,7 @@
 package org.elasticsearch.tdigest;
+import java.security.SecureRandom;
 import java.util.Arrays;
 import java.util.Random;
@@ -28,7 +29,7 @@
 * Static sorting methods
 */
 public class Sort {
- private static final Random prng = new Random(); // for choosing pivots during quicksort
+ private static final Random prng = new SecureRandom(); // for choosing pivots during quicksort
 /**
 * Single-key stabilized quick sort on using an index array
diff --git a/x-pack/plugin/sql/src/test/java/org/elasticsearch/xpack/sql/expression/function/scalar/datetime/DateFormatRandomDatasetGenerator.java b/x-pack/plugin/sql/src/test/java/org/elasticsearch/xpack/sql/expression/function/scalar/datetime/DateFormatRandomDatasetGenerator.java
index 2f7d17a831bdd..1ee06267412df 100644
--- a/x-pack/plugin/sql/src/test/java/org/elasticsearch/xpack/sql/expression/function/scalar/datetime/DateFormatRandomDatasetGenerator.java
+++ b/x-pack/plugin/sql/src/test/java/org/elasticsearch/xpack/sql/expression/function/scalar/datetime/DateFormatRandomDatasetGenerator.java
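Review bot: In `AVLTreeDigest`, `final Random gen = new SecureRandom();` is an instance field, so every digest now constructs its own `SecureRandom`, which is considerably more expensive to create and to draw from than `java.util.Random`. Nothing in the hunk shows `gen` producing a value that must be unguessable; how it is used is outside the hunk, so the security benefit should be stated or the change reverted here. The same applies to the `Sort` hunk, where `private static final Random prng = new SecureRandom();` becomes one shared generator for pivot selection, and concurrent sorts would serialize on it if the provider synchronizes internally. If unpredictable pivots are wanted against crafted input, say so in the existing comment, e.g. `// SecureRandom so pivot choice cannot be predicted from crafted input`, and measure the cost on the hot path first.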
@@ -8,6 +8,7 @@
 package org.elasticsearch.xpack.sql.expression.function.scalar.datetime;
 import com.carrotsearch.randomizedtesting.generators.RandomNumbers;
+import java.security.SecureRandom;
 import org.elasticsearch.core.PathUtils;
 import org.elasticsearch.core.SuppressForbidden;
@@ -51,7 +52,7 @@ private static class TestRecord {
 @SuppressForbidden(reason = "It is ok to use Random outside of an actual test")
 private static Random rnd() {
- return new Random();
+ return new SecureRandom();
 }
 public static void main(String[] args) throws IOException {
diff --git a/x-pack/plugin/sql/src/test/java/org/elasticsearch/xpack/sql/expression/function/scalar/datetime/ToCharTestScript.java b/x-pack/plugin/sql/src/test/java/org/elasticsearch/xpack/sql/expression/function/scalar/datetime/ToCharTestScript.java
index 6d6f8b3dcc22b..9f0c3226b7b22 100644
--- a/x-pack/plugin/sql/src/test/java/org/elasticsearch/xpack/sql/expression/function/scalar/datetime/ToCharTestScript.java
+++ b/x-pack/plugin/sql/src/test/java/org/elasticsearch/xpack/sql/expression/function/scalar/datetime/ToCharTestScript.java
@@ -8,6 +8,7 @@
 package org.elasticsearch.xpack.sql.expression.function.scalar.datetime;
 import com.carrotsearch.randomizedtesting.generators.RandomNumbers;
+import java.security.SecureRandom;
 import org.elasticsearch.common.util.set.Sets;
 import org.elasticsearch.core.PathUtils;
@@ -241,7 +242,7 @@ private String unitTestExporterScript() {
 @SuppressForbidden(reason = "It is ok to use Random outside of an actual test")
 private static Random rnd() {
- return new Random();
+ return new SecureRandom();
 }
 public static void main(String[] args) throws Exception {
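Review bot: In the import hunks of `DateFormatRandomDatasetGenerator` and `ToCharTestScript`, `import java.security.SecureRandom;` is inserted directly after the `com.carrotsearch` import and ahead of the `org.elasticsearch` ones, whereas the visible context keeps imports grouped by top-level package. If the project enforces an import order this will likely fail the formatting check. The line belongs with the other `java.*` imports, which are presumably further down and outside the hunk.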
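Review bot: In both `rnd()` hunks the annotation still reads `@SuppressForbidden(reason = "It is ok to use Random outside of an actual test")` although the body now returns `new SecureRandom()`, so the stated reason no longer matches the code. These helpers sit next to a `main` method in dataset-generator classes under `src/test`, and a cryptographic generator adds cost there without any visible security purpose. It also makes a fixed-seed, reproducible dataset harder to add later, because `SecureRandom` does not generally replay a sequence from a seed the way `java.util.Random` does. Either keep `new Random()` here or update the reason, e.g. `reason = "SecureRandom used for generated test data; not security-sensitive"`.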